ARTEMIS-4712 remove LDAP connection pooling
parent
0fad7ece87
commit
baa8710fa2
|
@ -94,7 +94,6 @@ public class LDAPLoginModule implements AuditLoginModule {
|
|||
REFERRAL("referral"),
|
||||
IGNORE_PARTIAL_RESULT_EXCEPTION("ignorePartialResultException"),
|
||||
PASSWORD_CODEC("passwordCodec"),
|
||||
CONNECTION_POOL("connectionPool"),
|
||||
CONNECTION_TIMEOUT("connectionTimeout"),
|
||||
READ_TIMEOUT("readTimeout"),
|
||||
NO_CACHE_EXCEPTIONS("noCacheExceptions");
|
||||
|
@ -660,9 +659,6 @@ public class LDAPLoginModule implements AuditLoginModule {
|
|||
env.put(Context.SECURITY_PROTOCOL, getLDAPPropertyValue(ConfigKey.CONNECTION_PROTOCOL));
|
||||
env.put(Context.PROVIDER_URL, getLDAPPropertyValue(ConfigKey.CONNECTION_URL));
|
||||
env.put(Context.SECURITY_AUTHENTICATION, getLDAPPropertyValue(ConfigKey.AUTHENTICATION));
|
||||
if (isLoginPropertySet(ConfigKey.CONNECTION_POOL)) {
|
||||
env.put("com.sun.jndi.ldap.connect.pool", getLDAPPropertyValue(ConfigKey.CONNECTION_POOL));
|
||||
}
|
||||
if (isLoginPropertySet(ConfigKey.CONNECTION_TIMEOUT)) {
|
||||
env.put("com.sun.jndi.ldap.connect.timeout", getLDAPPropertyValue(ConfigKey.CONNECTION_TIMEOUT));
|
||||
}
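Review bot: After this change a `connectionPool` entry left in `login.config` is accepted and silently ignored, because `ConfigKey.CONNECTION_POOL` and the `com.sun.jndi.ldap.connect.pool` assignment are both gone; the upgrade note in this commit confirms that no error is raised. An operator who relied on pooling gets no runtime signal that every login now opens its own LDAP connection, which presumably makes `connectionTimeout` and `readTimeout` matter more when the directory is slow or many clients authenticate at once. Consider a one-time warning when the option is present, for example `logger.warn("connectionPool is no longer supported and is ignored")`, placed where the module options are read. That code is outside these hunks, so the location and the logger name need checking.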
|
||||
|
|
|
@ -32,15 +32,13 @@ import javax.security.auth.login.LoginContext;
|
|||
import javax.security.auth.login.LoginException;
|
||||
import javax.security.auth.spi.LoginModule;
|
||||
import java.io.IOException;
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.Modifier;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Hashtable;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.Executor;
|
||||
import java.util.concurrent.ExecutorService;
|
||||
import java.util.concurrent.Executors;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.apache.directory.server.annotations.CreateLdapServer;
|
||||
|
@ -48,13 +46,12 @@ import org.apache.directory.server.annotations.CreateTransport;
|
|||
import org.apache.directory.server.core.annotations.ApplyLdifFiles;
|
||||
import org.apache.directory.server.core.integ.AbstractLdapTestUnit;
|
||||
import org.apache.directory.server.core.integ.FrameworkRunner;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import java.lang.invoke.MethodHandles;
|
||||
import org.junit.After;
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import static org.junit.Assert.assertEquals;
|
||||
import static org.junit.Assert.assertFalse;
|
||||
|
@ -139,57 +136,6 @@ public class LDAPLoginModuleTest extends AbstractLdapTestUnit {
|
|||
assertTrue("sessions still active after logout", waitFor(() -> ldapServer.getLdapSessionManager().getSessions().length == 0));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testLoginPooled() throws Exception {
|
||||
CallbackHandler callbackHandler = callbacks -> {
|
||||
for (int i = 0; i < callbacks.length; i++) {
|
||||
if (callbacks[i] instanceof NameCallback) {
|
||||
((NameCallback) callbacks[i]).setName("first");
|
||||
} else if (callbacks[i] instanceof PasswordCallback) {
|
||||
((PasswordCallback) callbacks[i]).setPassword("secret".toCharArray());
|
||||
} else {
|
||||
throw new UnsupportedCallbackException(callbacks[i]);
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
LoginContext context = new LoginContext("LDAPLoginPooled", callbackHandler);
|
||||
context.login();
|
||||
context.logout();
|
||||
|
||||
// again
|
||||
context.login();
|
||||
context.logout();
|
||||
|
||||
// new context
|
||||
context = new LoginContext("LDAPLoginPooled", callbackHandler);
|
||||
context.login();
|
||||
context.logout();
|
||||
|
||||
Executor pool = Executors.newCachedThreadPool();
|
||||
for (int i = 0; i < 20; i++) {
|
||||
pool.execute(() -> {
|
||||
try {
|
||||
LoginContext context1 = new LoginContext("LDAPLoginPooled", callbackHandler);
|
||||
context1.login();
|
||||
context1.logout();
|
||||
} catch (Exception ignored) {
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
/*
|
||||
* The number of sessions here is variable due to the pool used to create the LoginContext objects and the pooling
|
||||
* for the LDAP connections (which are managed by the JVM implementation). We really just need to confirm that
|
||||
* there are still connections to the LDAP server open even after all the LoginContext objects are closed as that
|
||||
* will indicate the LDAP connection pooling is working.
|
||||
*/
|
||||
assertTrue("not enough active sessions after logout", waitFor(() -> ldapServer.getLdapSessionManager().getSessions().length >= 5));
|
||||
|
||||
((ExecutorService) pool).shutdown();
|
||||
((ExecutorService) pool).awaitTermination(2, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
public interface Condition {
|
||||
boolean isSatisfied() throws Exception;
|
||||
}
|
||||
|
|
|
@ -49,27 +49,6 @@ LDAPLogin {
|
|||
;
|
||||
};
|
||||
|
||||
LDAPLoginPooled {
|
||||
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
|
||||
debug=true
|
||||
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
|
||||
connectionURL="ldap://localhost:1024"
|
||||
connectionUsername="uid=admin,ou=system"
|
||||
connectionPassword=secret
|
||||
connectionProtocol=s
|
||||
authentication=simple
|
||||
userBase="ou=system"
|
||||
userSearchMatching="(uid={0})"
|
||||
userSearchSubtree=false
|
||||
roleBase="ou=system"
|
||||
roleName=cn
|
||||
roleSearchMatching="(member=uid={1},ou=system)"
|
||||
roleSearchSubtree=false
|
||||
connectionPool=true
|
||||
connectionTimeout="2000"
|
||||
;
|
||||
};
|
||||
|
||||
UnAuthenticatedLDAPLogin {
|
||||
org.apache.activemq.artemis.spi.core.security.jaas.LDAPLoginModule required
|
||||
debug=true
|
||||
|
|
|
@ -616,10 +616,6 @@ currently, the only supported value is a blank string.
|
|||
In future, this option will allow you to select the Secure Socket Layer (SSL) for the connection to the directory server.
|
||||
This option must be set explicitly to an empty string, because it has no default value.
|
||||
|
||||
connectionPool::
|
||||
boolean, enable the LDAP connection pool property 'com.sun.jndi.ldap.connect.pool'.
|
||||
Note that the pool is https://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html[configured at the jvm level with system properties].
|
||||
|
||||
connectionTimeout::
|
||||
specifies the string representation of an integer representing the connection timeout in milliseconds.
|
||||
If the LDAP provider cannot establish a connection within that period, it aborts the connection attempt.
|
||||
|
|
|
@ -12,6 +12,23 @@ NOTE: If the upgrade spans multiple versions then the steps from *each* version
|
|||
|
||||
NOTE: Follow the general upgrade procedure outlined in the xref:upgrading.adoc#upgrading-the-broker[Upgrading the Broker] chapter in addition to any version-specific upgrade instructions outlined here.
|
||||
|
||||
== 2.34.0
|
||||
|
||||
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=...[Full release notes]
|
||||
|
||||
=== Highlights
|
||||
|
||||
* A
|
||||
* B
|
||||
* C
|
||||
|
||||
=== Upgrading from 2.33.0
|
||||
|
||||
* Due to https://issues.apache.org/jira/browse/ARTEMIS-4712[ARTEMIS-4712] the connection pooling functionality configured via the `connectionPool` property in `login.config` is no longer supported in the `LDAPLoginModule`.
|
||||
The `login.config` may still use the `connectionPool` property.
|
||||
No error will be thrown.
|
||||
However, connections will no longer be pooled regardless of the configuration.
|
||||
|
||||
== 2.33.0
|
||||
|
||||
https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12315920&version=12354184[Full release notes]
|
||||
|
|